Two flaws in Atos Unify products that were found earlier this year could allow hostile actors to destabilize the target system and possibly backdoor it. Researchers at SEC Consult, an Austria-based cybersecurity consulting company that is a division of the Atos Group’s Eviden business, discovered the faults in the unified communications and collaboration solution.
Three products are affected: the Atos Unify Session Border Controller (SBC), which provides security for unified communications; the Unify OpenScape Branch solution for remote offices; and the Border Control Function (BCF), which is designed for emergency services. SEC Consult researchers found that CVE-2023-36618 affects the web interface of these products. An authorized attacker with low privileges may exploit it to execute arbitrary PHP functions and subsequently operating system commands.